Security

[DX]

Sniper as of lately has been rambling on about wanting to hack SSC. If someone was able to, is there any kind of backup that would restore the site? Waterbridges site has been hacked in the past. I doubt there is any threat but Doom, I would at least disable the source code.

[Hyper_9]

There are a few measures I know of. Either way, I know for a fact neo patches the entire site, SQL queries and all, onto his HD. If he tried it, it could be restored in 15 minutes.And I get to enjoy DoS on snipers computer, and reporting him to the authortities.

We already have a full set of personal information on him, as he was a complete idiot with many privacy issues.

He would be totally screwed.

[Ben]

Hyper is right, if he hacks us then he pretty much has screwed himself. I make backups of the site every once and a while. Sometimes I will make SQL backups, but not as often as the site.

There is no way sniper is getting into the site's FTP or CPanel. The password is randomly generated, and he doesn't even know the username to begin with. It will take him years to get through bruteforce. I'm also confident in the security of the servers we're running on. It's not going to happen.

[Monsoon]

I doubt that he would be the one hacking. He's probably going to get a friend of his or something to do the hacking for him. Yeah, all that security is enough to convince me that sniper won't be able to do anything.

[RacerSoaker445]

I have gotten into the site's directory, say the uploads area where a lot of things are uploaded.

Very simple, but in order to keep people from doing that, you need to redierect, say, Fourms.SSC.net/uploads/ to the page you were just at. My Mom has a very large site that has that, ultra handy.

[Ben]

I actually made it like that on purpose, so I could browse those directories without opening anything special. No security holes there anyway. The SSC images directory is also like that, it's not used anymore though. The most important directory, where most of the site's important info is held, is secure btw (it's sscentral.net/res/ for those who think they might be cool and figure it out). There is no way they could do anything in that directory anyway without opening FTP or CPanel. It's not chmodded to 777 or something similar so a GET/POST based attack isn't an option either.

The only security hole in the entier site is the forum's news, which is not being used currently. But that will not let sniper do anything other than read the first posts of some topics that were deleted and our planning board. Nothing to special, the only hole I know.

Believe me when I say the site is secure. My password is randomly generated, the FTP and CPanel ones are, but I'm not sure about Neo's and Mist's passwords. I've read internet security books before, I used to be into all that hacking XPBackfire-esque. There is no way an elementary schooler could hack this site, unless they were a child hacking prodigy or something. What would he gain by hacking anyway? The FBI making a visit maybe, or his ISP cutting his connection.

[Freakymist]

basically the only person (other than doom) that could really destroy this site is me... :Hey, that's funny.: considering I have more access to the site than anyone else including doom (By law I own this place).

[Neuro]

not to mention the fact that a bruteforce attack by sniper would be impossible, he has 56k :Hey, that's funny.: (...baaaaddd memories of aol...) and I hate to admit it but it has been a while since I made a backup.... it's summer now though, I'll probably do one within the next week.

[Hyper_9]

Quote:

Originally posted by Freakymist@Jun 10 2004, 11:42 AM
basically the only person (other than doom) that could really destroy this site is me... :Hey, that's funny.: considering I have more access to the site than anyone else including doom (By law I own this place).

I SWORE owership of the domain techinally changed place in March...

[BlueSmudge]

I wouldn't be so sure about sniper. My blind step-cousin hacked my local hospital's patient medical records when he was 12.

I don't think sniper even has any disabilities.

[Ben]

No Hyper, I paid Freakymist for the hosting and domain to keep it simple.

Hacking is achieved by holes in the system. I am very sure there are no holes that would let us do that. That hospital likely was running of IIS or something similar. Everytime Microsoft fixes something in that, they add a few new holes. It does take time to find them so that's why many go unfound. IIS is unsecure, and it's sad that many servers run off it.

[Neuro]

fortunately, apache is run on over 60% of the internet's web servers
actually I do know of something..... nevermind I'd have to talk to the site's host about that...

[treebomber]

:Hey, that's funny.: what has sniper doen now

I'm an old friend of his.

and yes, if you're wondering, he does have the tools to hack this site. usually what he does is, he will try to crack you're password with a cracker he downloaded a wile back, if that doesn't work, then he will flood the dam place.

but he is just bluffing. He doesn't want to hack sscentral, but he can.

[BlueSmudge]

what did I tell you guys! If a blind kid can do it, a underdeveloped brat can do it.
Or are you just helping sniper threaten us?

[Hyper_9]

Alpha, I know every overrider in the book. SSC Servers are configured to cut off the account for 24 hours after 5 unsucessful login attempts.

Bravo, Theres a difference between a smart blind kid and a dumbass kid.